[CERT-daily] Tageszusammenfassung - 20.03.2019

Daily end-of-shift report team at cert.at
Wed Mar 20 18:38:54 CET 2019 

=====================
= End-of-Day report =
=====================

Timeframe:   Dienstag 19-03-2019 18:00 − Mittwoch 20-03-2019 18:00
Handler:     Stephan Richter
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ Videos für mehr Cyber-Sicherheit: BSI startet YouTube-Kanal ∗∗∗
---------------------------------------------
Ab sofort ist das BSI auch bei der Videoplattform YouTube zu finden. Unter dem Namen "Bundesamt für Sicherheit in der Informationstechnik" finden Interessierte zunächst Tipps und Hinweise für Privatanwender sowie spannende Karriereinformationen oder Neuigkeiten über das BSI. 
---------------------------------------------
https://www.bsi.bund.de/DE/Presse/Kurzmeldungen/Meldungen/Youtube-200319.html
https://www.youtube.com/channel/UC_VgLyJQsChxKfDJcdI-Tcg


∗∗∗ SilkETW: Because Free Telemetry is...Free! ∗∗∗
---------------------------------------------
In the following example, we will collect process event data from the Kernel provider and use image loads to identify Mimikatz execution. We can collect the required data with this command:    SilkETW.exe -t kernel -kk ImageLoad -ot file -p C:\Users\b33f\Desktop\mimikatz.json  With data in hand it is easy to sort, grep and filter for the properties we are interested in (Figure 2).
---------------------------------------------
http://www.fireeye.com/blog/threat-research/2019/03/silketw-because-free-telemetry-is-free.html


∗∗∗ Fake-Shop btckraken.de stielt Daten und liefert nicht! ∗∗∗
---------------------------------------------
Die Suche nach günstiger Technik führt manche Konsument/innen zu btckraken.de. Aus angeblichen Sicherheitsgründen werden bei einer Bestellung Ausweisdokumente verlangt. Eine Zahlung erfolgt vorab. Hier darf nicht bestellt werden: Es handelt sich um schweren Identitätsdiebstahl für weitere Verbrechen unter fremden Namen und die Waren werden nie geliefert!
---------------------------------------------
https://www.watchlist-internet.at/news/fake-shop-btckrakende-stielt-daten-und-liefert-nicht/


∗∗∗ Ransomware is not dead - a light analysis of LockerGoga ∗∗∗
---------------------------------------------
Despite many reports saying that the number of Ransomware samples is on the decrease, we see again and again big multinational companies suffering from these attacks.Just two days ago, Norway based Norsk Hydro - one of the Worlds largest Aluminium producers - was hit by a severe Ransomware attack: [...]
---------------------------------------------
http://blog.joesecurity.org/2019/03/ransomware-is-not-dead-light-analysis.html


∗∗∗ Severe security bug found in popular PHP library for creating PDF files ∗∗∗
---------------------------------------------
Vulnerability patched last year, but many websites and web apps will most likely remain vulnerable for years.
---------------------------------------------
https://www.zdnet.com/article/severe-security-bug-found-in-popular-php-library-for-creating-pdf-files/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Cisco IP Phone 7800 Series and 8800 Series Vulnerabilities ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190320-ip-phone-rce 
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190320-ipab 
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190320-ipfudos 
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190320-ipptv 
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190320-ip-phone-csrf


∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (libelf and wordpress), CentOS (cloud-init, cockpit, openssl, and tomcat), Gentoo (openssh), openSUSE (ovmf), Scientific Linux (cloud-init), and SUSE (go1.11, ldb, lftp, libssh2_org, and openwsman).
---------------------------------------------
https://lwn.net/Articles/783566/


∗∗∗ Security Advisory - Digital Signature Verification Bypass Vulnerability in Some Huawei Routers ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190320-01-ar-en


∗∗∗ Security Advisory - Signature Verification Bypass Vulnerability in Some Huawei Mobile Phones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190320-01-phone-en


∗∗∗ OpenSSL vulnerability CVE-2019-1559 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K18549143


∗∗∗ HPESBST03915 rev.1 - HPE CVAE products, and Hitachi Infrastructure Analytics Advisor(HIAA) using JDK, Multiple Vulnerabilities ∗∗∗
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03915en_us


∗∗∗ IBM Security Bulletin: Cloudant Local Apache CouchDB CVE-2018-17188: Remote Privilege Escalations ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-cloudant-local-apache-couchdb-cve-2018-17188-remote-privilege-escalations/


∗∗∗ IBM Security Bulletin: This Power System update is being released to address CVE 2018-1992 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-this-power-system-update-is-being-released-to-address-cve-2018-1992/


∗∗∗ IBM Security Bulletin: Vulnerabilities in IBM SDK, Java Technology Edition Quarterly CPU – Oct 2018 – Includes Oracle Oct 2018 CPU ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-ibm-sdk-java-technology-edition-quarterly-cpu-oct-2018-includes-oracle-oct-2018-cpu/


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Security Directory Integrator (CVE-2018-2800, CVE-2018-2783) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-security-directory-integrator-cve-2018-2800-cve-2018-2783-2/


∗∗∗ IBM Security Bulletin: Vulnerabilities in deserialization of openid connect cookie ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-deserialization-of-openid-connect-cookie/


∗∗∗ IBM Security Bulletin: Vulnerability in Apache CXF ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-apache-cxf/


∗∗∗ IBM Security Bulletin: Vulnerabilities in WAS traditional and liberty ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-was-traditional-and-liberty/


∗∗∗ IBM Security Bulletin: Vulnerability in IBM SDK, Java Technology Edition Quarterly CPU ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-ibm-sdk-java-technology-edition-quarterly-cpu/


∗∗∗ IBM Security Bulletin: Vulnerabilities in 3RD PARTY XSS in IBM WebSphere CacheMonitor ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-3rd-party-xss-in-ibm-websphere-cachemonitor/


∗∗∗ IBM Security Bulletin: Publicly Disclosed Vulnerability Found By vFinder (CVE-2017-7656, CVE-2017-7657, CVE-2017-7658, CVE-2018-12536) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-publicly-disclosed-vulnerability-found-by-vfinder-cve-2017-7656-cve-2017-7657-cve-2017-7658-cve-2018-12536/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

More information about the Daily mailing list